Heads up to anyone using iOS's Mail app: security researcher Jan Souček has found a serious vulnerability in the way the app handles inline HTML, allowing an attacker to load arbitrary web pages—including a simulated iCloud login prompt for phishing purposes. You can watch the proof-of-concept here:
The iCloud prompt is only one possible exploit. Other login prompts could also be emulated with a bit of HTML and CSS. As such, grabbing Google or Facebook logins might be only a step away.
For the curious, Souček has a GitHub repository with his sample code. He found this bug back in iOS 8.1.2, and reported it last January. However, Apple didn't fix it in subsequent updates. I'm guessing they will now.